From a3ab64f6a262e3bd0da4435729c2e6f9013aad5d Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Mon, 14 Aug 2023 22:11:11 +0200
Subject: gitolite/http: use generic template for vhost

---
 roles/nginx/vhost/defaults/main.yml         | 11 +++++++++++
 roles/nginx/vhost/templates/generic.conf.j2 | 22 ++++++++++++++++++++++
 2 files changed, 33 insertions(+)

(limited to 'roles/nginx/vhost')

diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index 5984e623..1447fb14 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -8,6 +8,9 @@
 #   hostnames:
 #   - example.com
 #   - www.example.com
+#   logs:
+#     access: /var/log/nginx/example_access.log
+#     error: /var/log/nginx/example_error.log
 #   extra_directives: |-
 #     add_header X-Example-Header "foo";
 #   locations:
@@ -45,8 +48,16 @@
 #         add_header X-Example-Header "foo";
 #     '/subdir/':
 #       alias: /srv/www/foo
+#     '/private/':
+#       return: "403"
 #     '/foo/':
 #       proxy_pass: http://127.0.0.1:1234
+#     '/custom/':
+#       custom: |-
+#         include fastcgi_params;
+#         fastcgi_param SCRIPT_FILENAME /usr/lib/cgi/foo
+#         fastcgi_param PATH_INFO       $uri;
+#         fastcgi_pass unix:/run/fcgiwrap/foo.sock;
 
 # nginx_vhost:
 #   name: other-example
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
index 434fa679..f87d029d 100644
--- a/roles/nginx/vhost/templates/generic.conf.j2
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -3,6 +3,15 @@ server {
     listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
+{% if 'logs' in nginx_vhost %}
+{%   if 'access' in nginx_vhost.logs %}
+    access_log {{ nginx_vhost.logs.access }};
+{%   endif %}
+{%   if 'error' in nginx_vhost.logs %}
+    error_log {{ nginx_vhost.logs.error }};
+{%   endif %}
+
+{% endif %}
 {% if 'tls' in nginx_vhost %}
 {%   if nginx_vhost.tls.certificate_provider == 'acmetool' %}
     include snippets/acmetool.conf;
@@ -18,6 +27,15 @@ server {
     listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
+{% if 'logs' in nginx_vhost %}
+{%   if 'access' in nginx_vhost.logs %}
+    access_log {{ nginx_vhost.logs.access }};
+{%   endif %}
+{%   if 'error' in nginx_vhost.logs %}
+    error_log {{ nginx_vhost.logs.error }};
+{%   endif %}
+
+{% endif %}
 {%   if nginx_vhost.tls.certificate_provider == 'acmetool' %}
     include snippets/acmetool.conf;
 {% endif %}
@@ -55,6 +73,10 @@ server {
         proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
 {%       endfor %}
 {%     endif %}
+{%   elif 'return' in location %}
+        return {{ location.return }};
+{%   elif 'custom' in location %}
+        {{ location.custom | indent(8) }}
 {%   else %}
 {%     if 'root' in location %}
         root {{ location.root }};
-- 
cgit v1.2.3